Use all available ipaddresses as SAN for master nginx
As master node nginx must be acceccible from any network it has and nginx listen on every interface, all IP addresses from them must be used in TLS certificate for proper connection. Change-Id: Ib7121af26fffbe011a616b3ffdabb45dc273c3ce Closes-Bug: #1517893
This commit is contained in:
parent
1abcbf3b92
commit
7f61fea530
|
@ -58,12 +58,13 @@ class nailgun::nginx(
|
|||
}
|
||||
|
||||
if $ssl_enabled {
|
||||
$ips = inline_template('<%= @interfaces.split(",").reject{ |iface| iface =~ /^(lo|docker)/ }.map {|iface| scope.lookupvar("ipaddress_#{iface}")}.compact.join(",") %>')
|
||||
openssl::certificate::x509 { 'nginx':
|
||||
ensure => present,
|
||||
country => 'US',
|
||||
organization => 'Fuel',
|
||||
commonname => 'fuel.master.local',
|
||||
altnames => [$nailgun_host],
|
||||
altnames => union(split($ips, ','), [$nailgun_host]),
|
||||
state => 'California',
|
||||
unit => 'Fuel Deployment Team',
|
||||
email => 'root@fuel.master.local',
|
||||
|
|
|
@ -3,5 +3,12 @@ require 'shared-examples'
|
|||
manifest = 'master/nginx-only.pp'
|
||||
|
||||
describe manifest do
|
||||
shared_examples 'catalog' do
|
||||
let(:facts) do
|
||||
Noop.centos_facts.merge({
|
||||
:interfaces => 'eth0,eth1'
|
||||
})
|
||||
end
|
||||
end
|
||||
test_centos manifest
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue